mirror of
https://gitee.com/dromara/MaxKey.git
synced 2025-12-06 17:08:29 +08:00
v2.9.0 & PasswordPolicyValidator
This commit is contained in:
MaxKey
parent
7485cfb236
commit
a769cc58f3
@ -101,8 +101,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
|
||||
if(loginCredential.getAuthType().equalsIgnoreCase(AuthType.MOBILE)) {
|
||||
mobilecaptchaValid(loginCredential.getPassword(),loginCredential.getAuthType(),userInfo);
|
||||
}else {
|
||||
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
|
||||
//Validate PasswordPolicy
|
||||
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
|
||||
//Match password
|
||||
authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
|
||||
//apply PasswordSetType and resetBadPasswordCount
|
||||
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
|
||||
}
|
||||
|
||||
UsernamePasswordAuthenticationToken authenticationToken = setOnline(loginCredential,userInfo);
|
||||
|
||||
@ -74,7 +74,7 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
|
||||
|
||||
_logger.debug("passwordvalid : " + passwordMatches);
|
||||
if (!passwordMatches) {
|
||||
passwordPolicyValidator.setBadPasswordCount(userInfo);
|
||||
passwordPolicyValidator.plusBadPasswordCount(userInfo);
|
||||
insertLoginHistory(userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", "password error");
|
||||
throw new BadCredentialsException(WebContext.getI18nValue("login.error.password"));
|
||||
}
|
||||
|
||||
@ -110,6 +110,17 @@ public class SnowFlakeId {
|
||||
| machineId << MACHINE_LEFT //机器标识部分
|
||||
| sequence; //序列号部分
|
||||
}
|
||||
|
||||
|
||||
public long currId() {
|
||||
long currStmp = lastStmp;
|
||||
|
||||
return (currStmp - START_STMP) << TIMESTMP_LEFT //时间戳部分
|
||||
| datacenterId << DATACENTER_LEFT //数据中心部分
|
||||
| machineId << MACHINE_LEFT //机器标识部分
|
||||
| sequence; //序列号部分
|
||||
}
|
||||
|
||||
|
||||
private long getNextMill() {
|
||||
long mill = getNewstmp();
|
||||
|
||||
@ -17,6 +17,7 @@
|
||||
|
||||
package org.maxkey.util;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.junit.Test;
|
||||
|
||||
public class SonwFlakeIdTest {
|
||||
@ -24,9 +25,12 @@ public class SonwFlakeIdTest {
|
||||
|
||||
@Test
|
||||
public void UidGenerator() {
|
||||
SnowFlakeId snowFlake = new SnowFlakeId(2, 3);
|
||||
DateTime d= new DateTime("2020-01-01T01:01:01");
|
||||
System.out.println("time "+d.getMillis());
|
||||
SnowFlakeId snowFlake = new SnowFlakeId(1, 1,8,d.getMillis());
|
||||
long seq = snowFlake.nextId();
|
||||
|
||||
System.out.println(seq);
|
||||
System.out.println(snowFlake.parse(seq));
|
||||
System.out.println(snowFlake.parse(seq).getDateTime());
|
||||
}
|
||||
}
|
||||
|
||||
@ -281,45 +281,52 @@ public class PasswordPolicyValidator {
|
||||
);
|
||||
}
|
||||
|
||||
//initial password need change
|
||||
if(userInfo.getLoginCount()<=0) {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
ConstantsPasswordSetType.INITIAL_PASSWORD);
|
||||
}
|
||||
|
||||
if (userInfo.getPasswordSetType() != ConstantsPasswordSetType.PASSWORD_NORMAL) {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
userInfo.getPasswordSetType());
|
||||
return true;
|
||||
} else {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
ConstantsPasswordSetType.PASSWORD_NORMAL);
|
||||
}
|
||||
|
||||
/*
|
||||
* check password is Expired,Expiration is Expired date ,if Expiration equals 0,not need check
|
||||
*
|
||||
*/
|
||||
if (passwordPolicy.getExpiration() > 0) {
|
||||
String passwordLastSetTimeString = userInfo.getPasswordLastSetTime().substring(0, 19);
|
||||
_logger.info("last password set date " + passwordLastSetTimeString);
|
||||
|
||||
DateTime changePwdDateTime = DateTime.parse(passwordLastSetTimeString,
|
||||
DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
|
||||
Duration duration = new Duration(changePwdDateTime, currentdateTime);
|
||||
int intDuration = Integer.parseInt(duration.getStandardDays() + "");
|
||||
_logger.debug("password Last Set duration day " + intDuration
|
||||
+ " , password policy Expiration " +passwordPolicy.getExpiration()
|
||||
+" , validate result " + (intDuration <= passwordPolicy.getExpiration()));
|
||||
if (intDuration > passwordPolicy.getExpiration()) {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
ConstantsPasswordSetType.PASSWORD_EXPIRED);
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public void applyPasswordPolicy(UserInfo userInfo) {
|
||||
getPasswordPolicy();
|
||||
DateTime currentdateTime = new DateTime();
|
||||
//initial password need change
|
||||
if(userInfo.getLoginCount()<=0) {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
ConstantsPasswordSetType.INITIAL_PASSWORD);
|
||||
}
|
||||
|
||||
if (userInfo.getPasswordSetType() != ConstantsPasswordSetType.PASSWORD_NORMAL) {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
userInfo.getPasswordSetType());
|
||||
return;
|
||||
} else {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
ConstantsPasswordSetType.PASSWORD_NORMAL);
|
||||
}
|
||||
|
||||
/*
|
||||
* check password is Expired,Expiration is Expired date ,if Expiration equals 0,not need check
|
||||
*
|
||||
*/
|
||||
if (passwordPolicy.getExpiration() > 0) {
|
||||
String passwordLastSetTimeString = userInfo.getPasswordLastSetTime().substring(0, 19);
|
||||
_logger.info("last password set date " + passwordLastSetTimeString);
|
||||
|
||||
DateTime changePwdDateTime = DateTime.parse(passwordLastSetTimeString,
|
||||
DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
|
||||
Duration duration = new Duration(changePwdDateTime, currentdateTime);
|
||||
int intDuration = Integer.parseInt(duration.getStandardDays() + "");
|
||||
_logger.debug("password Last Set duration day " + intDuration
|
||||
+ " , password policy Expiration " +passwordPolicy.getExpiration()
|
||||
+" , validate result " + (intDuration <= passwordPolicy.getExpiration()));
|
||||
if (intDuration > passwordPolicy.getExpiration()) {
|
||||
WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,
|
||||
ConstantsPasswordSetType.PASSWORD_EXPIRED);
|
||||
}
|
||||
}
|
||||
|
||||
resetBadPasswordCount(userInfo);
|
||||
}
|
||||
|
||||
/**
|
||||
* lockUser
|
||||
@ -379,22 +386,32 @@ public class PasswordPolicyValidator {
|
||||
*
|
||||
* @param userInfo
|
||||
*/
|
||||
public void setBadPasswordCount(UserInfo userInfo) {
|
||||
private void setBadPasswordCount(String userId,int badPasswordCount) {
|
||||
try {
|
||||
if (userInfo != null && StringUtils.isNotEmpty(userInfo.getId())) {
|
||||
int badPasswordCount = userInfo.getBadPasswordCount() + 1;
|
||||
userInfo.setBadPasswordCount(badPasswordCount);
|
||||
jdbcTemplate.update(BADPASSWORDCOUNT_UPDATE_STATEMENT,
|
||||
new Object[] { badPasswordCount, new Date(), userInfo.getId() },
|
||||
new int[] { Types.INTEGER, Types.TIMESTAMP, Types.VARCHAR });
|
||||
|
||||
}
|
||||
jdbcTemplate.update(BADPASSWORDCOUNT_UPDATE_STATEMENT,
|
||||
new Object[] { badPasswordCount, new Date(), userId },
|
||||
new int[] { Types.INTEGER, Types.TIMESTAMP, Types.VARCHAR });
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
_logger.error(e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public void plusBadPasswordCount(UserInfo userInfo) {
|
||||
if (userInfo != null && StringUtils.isNotEmpty(userInfo.getId())) {
|
||||
setBadPasswordCount(userInfo.getId(),userInfo.getBadPasswordCount() + 1);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
public void resetBadPasswordCount(UserInfo userInfo) {
|
||||
if (userInfo != null && StringUtils.isNotEmpty(userInfo.getId())) {
|
||||
if(userInfo.getBadPasswordCount()>0) {
|
||||
setBadPasswordCount(userInfo.getId(),0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public String generateRandomPassword() {
|
||||
getPasswordPolicy();
|
||||
PasswordGen passwordGen = new PasswordGen(
|
||||
|
||||
@ -42,6 +42,9 @@ import org.springframework.web.servlet.ModelAndView;
|
||||
public class AuthorizeBaseEndpoint {
|
||||
final static Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
|
||||
|
||||
//maxkey-mgt
|
||||
public final static String MGT_APP_ID = "622076759805923328";
|
||||
|
||||
@Autowired
|
||||
@Qualifier("applicationConfig")
|
||||
protected ApplicationConfig applicationConfig;
|
||||
@ -58,6 +61,7 @@ public class AuthorizeBaseEndpoint {
|
||||
Apps app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
//session中为空或者id不一致重新加载
|
||||
if(app==null||!app.getId().equalsIgnoreCase(id)) {
|
||||
id = id.equalsIgnoreCase("maxkey_mgt") ? MGT_APP_ID : id;
|
||||
app=appsService.get(id);
|
||||
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
|
||||
}
|
||||
|
||||
@ -53,11 +53,10 @@ public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
|
||||
public ModelAndView authorize(
|
||||
HttpServletRequest request,
|
||||
@PathVariable("id") String id){
|
||||
|
||||
ModelAndView modelAndView=null;
|
||||
|
||||
Apps application=getApp(id);
|
||||
WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, id);
|
||||
id = application.getId();
|
||||
WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, application.getId());
|
||||
|
||||
if(application.getProtocol().equalsIgnoreCase(ConstantsProtocols.EXTEND_API)){
|
||||
modelAndView=WebContext.forward("/authz/api/"+id);
|
||||
|
||||
@ -2,12 +2,12 @@
|
||||
<link type="text/css" rel="stylesheet" href="<@base />/static/css/base.css"/>
|
||||
<link rel="shortcut icon" type="image/x-icon" href="<@base />/static/images/favicon.ico"/>
|
||||
<base href="<@base />"/>
|
||||
<script src ="<@base />/static/jquery/jquery-3.5.0.min.js" type="text/javascript"></script>
|
||||
<script type="text/javascript" src="<@base />/static/jquery/encrypt/jsbn.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/jquery/encrypt/prng4.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/jquery/encrypt/rng.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/jquery/encrypt/rsa.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/jquery/encrypt/base64.js"></script>
|
||||
<script src ="<@base />/static/javascript/jquery-3.5.0.min.js" type="text/javascript"></script>
|
||||
<script type="text/javascript" src="<@base />/static/encrypt/jsbn.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/encrypt/prng4.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/encrypt/rng.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/encrypt/rsa.js"></script>
|
||||
<script type="text/javascript" src="<@base />/static/encrypt/base64.js"></script>
|
||||
<!-- Encryption certificate for Single Sign-On -->
|
||||
<script>
|
||||
var TP1 = TP1 || []; (function() { var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74"); TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39"; var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0]; sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3); })();
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user